Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34362e302f32332d3234203d3e20383334.roa
File:                     3231322e3130332e34362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          fueI4MSUYIUzdOOdMR9xkLpo3W1uUoOG54DH6WJhcNQ=
Subject key identifier:   0B:12:97:C5:31:E9:4C:92:A3:39:C0:20:50:7F:93:BF:38:3C:27:45
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       18277D899F21438F04C4F6B3D56C3FA0E6E1E6D7
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34362e302f32332d3234203d3e20383334.roa
Signing time:             Mon 31 Mar 2025 00:03:26 +0000
ROA not before:           Sun 30 Mar 2025 23:58:26 +0000
ROA not after:            Mon 30 Mar 2026 00:03:26 +0000
asID:                     834
IP address blocks:        212.103.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:27:7d:89:9f:21:43:8f:04:c4:f6:b3:d5:6c:3f:a0:e6:e1:e6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Mar 30 23:58:26 2025 GMT
            Not After : Mar 30 00:03:26 2026 GMT
        Subject: CN=0B1297C531E94C92A339C020507F93BF383C2745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:17:0b:b4:11:8a:9c:78:ee:cc:a2:a4:39:44:
                    ad:d0:ca:bd:ae:a0:30:3e:73:b5:1e:93:8f:c1:94:
                    f4:97:61:ad:9f:db:cd:fe:ff:69:b2:a0:2e:d3:33:
                    2a:52:ff:3a:ea:40:e6:9a:cb:86:f6:92:11:b0:28:
                    a1:0f:dd:79:64:e4:d2:a7:1f:47:81:dd:d7:ba:8b:
                    99:bc:4f:14:f7:61:ef:f9:89:64:6e:94:b6:e8:76:
                    64:dd:ad:f3:53:f4:02:52:7b:ec:69:70:c0:4c:18:
                    0c:71:2a:a0:6b:58:e0:46:e3:5f:34:b0:d8:83:9f:
                    fc:48:cf:33:df:91:a0:cd:8f:e0:0f:e9:ca:8e:11:
                    f2:e5:58:44:71:99:fb:e5:48:19:2c:2a:c8:7c:fd:
                    c9:1e:08:8d:69:21:e2:ec:fd:2b:4c:0a:4e:d7:0c:
                    59:b9:66:53:c5:02:b1:04:19:2a:6d:ae:29:ed:50:
                    a5:40:1c:f5:81:6b:03:af:1f:03:68:1f:1f:3e:5d:
                    41:e8:58:47:49:6b:ab:17:48:d6:8d:dd:ed:85:b5:
                    29:85:d0:bd:90:8b:78:58:c2:a1:df:b9:6e:b2:7f:
                    2c:42:3d:b1:46:57:bb:b8:8c:8b:6f:dd:ea:ef:92:
                    d3:40:29:1b:4b:70:c3:8f:81:d0:c1:3b:90:51:93:
                    65:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:12:97:C5:31:E9:4C:92:A3:39:C0:20:50:7F:93:BF:38:3C:27:45
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:a5:68:bc:11:ff:14:ce:b2:a6:6b:1a:47:65:3a:59:b0:34:
         42:d4:fa:7a:90:b7:5b:1e:c7:96:a6:c3:01:c7:5d:35:0e:88:
         74:7d:88:46:f6:77:ae:ff:00:da:9a:e8:99:4d:6e:46:29:b4:
         68:b6:d4:ee:66:89:3a:03:a8:c8:23:20:09:45:d8:7a:c5:15:
         98:32:4f:7c:18:07:97:10:b9:d1:72:e9:9c:ef:de:50:4c:17:
         a7:34:1c:cf:77:56:53:3e:51:3f:5f:87:fa:9c:67:b6:fa:03:
         8a:fc:a0:12:c9:cc:a3:0a:33:db:43:d2:89:2c:55:6c:a5:5a:
         29:2d:63:8d:98:2b:95:5f:b6:02:99:87:63:a0:fe:4e:64:9d:
         bd:92:98:7a:2e:81:31:ca:00:04:d5:5c:0b:9d:ba:03:b1:d9:
         90:0f:6c:e1:3f:c1:85:25:88:69:e9:60:62:68:a9:3f:fc:30:
         f2:05:d0:37:af:eb:b3:43:28:a8:7f:88:ac:aa:78:17:9c:5f:
         76:ed:71:06:9b:84:5b:80:a1:f8:fd:f6:ed:30:6b:2c:e5:6e:
         1d:d2:f6:75:db:97:f9:ab:5f:46:1e:34:78:14:41:c2:b8:32:
         55:a8:c6:c4:89:aa:42:3e:f2:9d:63:3c:47:f6:7a:23:f7:d1:
         6c:10:62:0a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGCd9iZ8hQ48ExPaz1Ww/oObh5tcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTAzMzAyMzU4MjZaFw0yNjAzMzAwMDAzMjZaMDMxMTAvBgNV
BAMTKDBCMTI5N0M1MzFFOTRDOTJBMzM5QzAyMDUwN0Y5M0JGMzgzQzI3NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpFwu0EYqceO7MoqQ5RK3Qyr2u
oDA+c7Uek4/BlPSXYa2f283+/2myoC7TMypS/zrqQOaay4b2khGwKKEP3Xlk5NKn
H0eB3de6i5m8TxT3Ye/5iWRulLbodmTdrfNT9AJSe+xpcMBMGAxxKqBrWOBG4180
sNiDn/xIzzPfkaDNj+AP6cqOEfLlWERxmfvlSBksKsh8/ckeCI1pIeLs/StMCk7X
DFm5ZlPFArEEGSptrintUKVAHPWBawOvHwNoHx8+XUHoWEdJa6sXSNaN3e2FtSmF
0L2Qi3hYwqHfuW6yfyxCPbFGV7u4jItv3ervktNAKRtLcMOPgdDBO5BRk2UvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUCxKXxTHpTJKjOcAgUH+Tvzg8J0UwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzYyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHUZy4w
DQYJKoZIhvcNAQELBQADggEBABalaLwR/xTOsqZrGkdlOlmwNELU+nqQt1sex5am
wwHHXTUOiHR9iEb2d67/ANqa6JlNbkYptGi21O5miToDqMgjIAlF2HrFFZgyT3wY
B5cQudFy6Zzv3lBMF6c0HM93VlM+UT9fh/qcZ7b6A4r8oBLJzKMKM9tD0oksVWyl
WiktY42YK5VftgKZh2Og/k5knb2SmHougTHKAATVXAudugOx2ZAPbOE/wYUliGnp
YGJoqT/8MPIF0Dev67NDKKh/iKyqeBecX3btcQabhFuAofj99u0wayzlbh3S9nXb
l/mrX0YeNHgUQcK4MlWoxsSJqkI+8p1jPEf2eiP30WwQYgo=
-----END CERTIFICATE-----